From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | "Merlin Moncure" <merlin(dot)moncure(at)rcsonline(dot)com> |
Cc: | "List pgsql-hackers" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: securing pg_proc |
Date: | 2005-03-17 16:07:08 |
Message-ID: | 24721.1111075628@sss.pgh.pa.us |
Lists: | pgsql-hackers |

"Merlin Moncure" <merlin(dot)moncure(at)rcsonline(dot)com> writes:
> 1. Am I totally off my rocker for suggesting users without 'execute'
> priv. should not be able to view procedure source.

1. I don't particularly buy that, no. Why draw the line at seeing
source code? The mere name and argument list might be considered
'sensitive' information.

2. We haven't had a policy of hiding schema information in the past, and
I don't think it's the sort of thing that can usefully be bolted on
piecemeal.

3. The people who ask for this sort of thing frequently don't want those
with execute permission to look at the source, either, so your proposed
solution really isn't going to satisfy anybody.

regards, tom lane